We have 12 Patch Reporting smart groups set up using “Less Than” and the version we’re deploying. We deploy to 4 groups on different days: Alpha, Beta, UAT, Wave 1, and Wave 2 (Execs/Traders). One Deployment Day, I update each smart groups by adding the next test group using parentheses and the “or” option. We use AutoPkgr for package downloads but can’t use autopkg jamfuploaders due to DLP restrictions. We currently can’t have apps autoupdate and have to manage the updates on a monthly basis. Modifying the 12 groups takes about 15 minutes to do, but I’m looking for a more efficient solution.
This is how our smart groups being setup. Using Chrome as an example.
Application Smart Groups
Name: Monthly Patching - Google Chrome Update
Criteria: Patch Reporting Application name
Operator: Less than
Value: The current version we’re deploying. We have to manually change this each month.
Main Smart Group this list all 12 Patch reporting smart groups. Use an open/closed parathesis and the “or” option.
Name: Monthly Patching - A - All Apps
Criteria: Computer Group
Operator: member of
Value: Monthly Patching - Google Chrome Update
The 12 Policies are setup like this
Name: Update Google Chrome
Custom: We have a trigger set that another policy kicks off
Execution Frequency: Ongoing
Scope to: Monthly Patching - Google Chrome Update.
When a device updates, it drops out of the smart group, so it won't keep deploying
Kickoff Policy
Name: Update_All_Test
Recurring Check-in
Custom: UpdateAll
Scoped to: Monthly Patching - A - All Apps
This makes easy, so we only have to set the deployment time on one policy.
This contains a script that runs the trigger for each patching policies
When we kickoff policy Update_All_Test, it runs the script targeting the patching policies. Everything works, just looking for an easier way, so I don’t have to go in to each Patching Smart Group for every deployment.
